Week 52 In Review

Events Related

Chaos Communications Congress Debriefing(s)
…dedicated to information about the conferences and events of the CCC. Being our most important event, the annual Chaos Communication Congress is usually the main focus. But we provide announcements and background information for other CCC events as well – be it regional or international.

2011 Year in Review: Online Security Highlights and Lowlights – blog.zonealarm.com
2011 was a big year in terms of online security. From well-publicized data breaches of major companies to the takedown of giant botnets, cybercrime made many headlines. And though hackers came up with more innovative ways to steal information and wreak havoc on the Web, the spotlight on online security vulnerabilities prompted both officials and average users to be more vigilant. Here, we recount the major online security highlights and lowlights of the year.

Lynis v1.3.0 Released – rootkit.nl/files/lynis-1.3.0.tar.gz
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes.

New Tools Bypass Wireless Router Security – krebsonsecurity.com
Security researchers have released new tools that can bypass the encryption used to protect many types of wireless routers. Ironically, the tools take advantage of design flaws in a technology pushed by the wireless industry that was intended to make the security features of modern routers easier to use.

UPDATE: OWASP AJAX Crawling Tool 0.2a! – code.google.com/p/fuzzops-ng/downloads/list
OWASP AJAX Crawling Tool is a tool which will automate the crawling of AJAX applications. It can be daisy-chained with other proxies (like ZAP or Burp) to allow the functionality of those tools to be used on aspects of a web app that traditional spidering tools will miss.

Java Dynamic Instrumentation Crash Course
This is the first in a series of several ways to go about doing dynamic instrumentation in Java. I will be making use of the Javassist bytecode manipulation library for this series. In this first post, I will be going over Java dynamic instrumentation used within the main program. First, you will need Java installed (of course) and the Javassist jar file (I am using version 3.15). While the Javassist API documentation will provide a thorough description of the classes and functions involved, I will be covering the basics.

Heap Overflows for Humans 102.5 – net-ninja.net
Hi folks. Some time ago, I discussed an old, but important technique for exploiting application-specific heap overflows under Windows XP SP3. Today, I am going to discuss another important technique and give an introduction to my Immunity Debugger plug-in tool called !heaper!

Fun With BSD-derived Telnet Daemons – community.rapid7.com
A port of this exploit to the Metasploit Framework is in progress and we just added a scanner module that can be used to identify vulnerable instances of the telnet service. This module tries to trigger the vulnerability with an invalid pointer, causing the inetd-spawned process to exit. Since this process automatically respawns, it should be safe to scan all affected inetd-based systems.

Cracking WPA in 10 Hours or Less – devttys0.com
The WiFi Protected Setup protocol is vulnerable to a brute force attack that allows an attacker to recover an access point’s WPS pin, and subsequently the WPA/WPA2 passphrase, in just a matter of hours.

Jumping to another network with VPN pivoting – community.rapid7.com
VPN Pivoting is one of the best but also most elusive features in Metasploit Pro, so the best way is to see it. That’s why I’ve decided to post a snippet of a recent webinar, where HD Moore shows this feature in action.

ZoneTransfer.me – digininja.org
When teaching, and when talking to clients, I sometimes have to explain the security problems related to DNS zone transfer. The problem usually comes when trying to demonstrate how it works and what information can be leaked, trying to remember which domains have zone transfer enabled and then hoping that they still have it turned on can make it hard. So, to ease both of these problems I’ve registered zonetransfer.me, a domain which is easy to remember and which will always have zone transfer enabled.

Exploit Writing Tutorial Part 11 : Heap Spraying Demystified – corelan.be
With this tutorial, I’m going to provide you with a full and detailed overview on what heap spraying is, and how to use it on old and newer browsers. I’ll start with some “ancient” (“classic”) techniques that can be used on IE6 and IE7. We’ll also look at heap spraying for non-browser applications.

Vendor/Software Patches

Microsoft Security Bulletin MS11-100 – Critical – technet.microsoft.com
This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name.

Vulnerabilities

From 0Day to 0Data: TelnetD – dankaminsky.com
Recently, it was found that BSD-derived Telnet implementations had a fairly straightforward vulnerability in their encryption handler. (Also, it was found that there was an encryption handler.) Telnet was the de facto standard protocol for remote administration of everything but Windows systems, so there’s been some curiosity in just how nasty this bug is operationally.

Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability – isc.sans.edu
Wi-Fi Protected Setup (WPS) is a Wi-Fi Alliance specification (v1.0 – available since January 2007) designed to ease the process of securely setting up Wi-Fi devices and networks. A couple of days ago US-CERT released a new vulnerability note, VU#723755, that allows an attacker to get full access to a Wi-Fi network (such as retrieving your ultra long secret WPA2 passphrase) through a brute force attack on the WPS PIN.

Other News

Anonymous vs. Stratfor
Austin, Texas-based Strategic Forecasting, or Stratfor, disclosed over the weekend that its Web site, which remains down, was hacked and information about its corporate subscribers – who include the likes of the U.S. Army, U.S. Air Force, and Miami Police Department – was disclosed. AntiSec, an Anonymous-affiliated hacktivist group, quickly claimed responsibility and promised “mayhem” with plans to release even more documents.

Naval researchers pioneer TCP-based spam detection – itworld.com
A group of researchers from the U.S. Naval Academy has developed a technique for analyzing email traffic in real-time to identify spam messages as they come across the wire, simply using information from the TCP (Transmission Control Protocol) packets that carry the messages.

Huge portions of Web vulnerable to denial-of-service attack – arstechnica.com
Researchers have shown how a flaw that is common to most popular Web programming languages can be used to launch denial-of-service attacks by exploiting hash tables. Announced publicly on Wednesday at the Chaos Communication Congress event in Germany, the flaw affects a long list of technologies, including PHP, ASP.NET, Java, Python, Ruby, Apache Tomcat, Apache Geronimo, Jetty, and Glassfish, as well as Google’s open source JavaScript engine V8.

QR Code Malware Picks Up Steam – darkreading.com
As mobile marketers have latched onto the convenience and cool-factor of QR codes, hackers are starting to take advantage of these square, scannable bar codes as a new way to distribute malware.

New Year’s Resolution: Full Disk Encryption On Every Computer You Own – eff.org
Many of us now have private information on our computers: personal records, business data, e-mails, web history, or information we have about our friends, family, or colleagues. Encryption is a great way to ensure that your data will remain safe when you travel or if your laptop is lost or stolen. Best of all, it’s free. So don’t put off taking security steps that can help protect your private data. Join EFF in resolving to encrypt your disks in 2012.
